
Was This the Phishing E-mail That Took Down RSA?

Posted by Soulskill
from the hello-sir-madam dept.
alphadogg tips this IDG News report: "'I forward this file to you for review. Please open and view it.' As a ploy to get a hapless EMC recruiter to open up a booby-trapped Excel spreadsheet, it may not be the most sophisticated piece of work. But researchers at F-Secure believe that it was enough to break into one of the most respected computer security companies on the planet, and a first step in a complex attack that ultimately threatened the security of major U.S. defense contractors including Lockheed Martin, L-3, and Northrop Grumman. The e-mail was sent on March 3 and uploaded to VirusTotal, a free service used to scan suspicious messages, on March 19, two days after RSA went public with the news that it had been hacked in one of the worst security breaches ever."
  • Re:All it takes (Score:4, Interesting)

    by datapharmer (1099455) on Friday August 26, 2011 @10:15AM (#37218502) Homepage
    I've found you don't want to work for companies that don't listen to their IT departments as that is bad for job security. A smart boss will listen to a reasoned explanation as to why something is a bad idea. If they don't you should work for them as a consultant and not as an employee - companies with bad IT policies make great clients for consultants, because they spend far more on IT than companies that listen to their IT staff.
  • by maxwell demon (590494) on Friday August 26, 2011 @10:29AM (#37218696) Journal

    Indeed, there should be a strict separation between documents (things you merely view and possibly edit) and programs (things which do something). Unfortunately that line has been crossed by about every document format, from office files (Word, Excel, ...) over HTML (JavaScript) to PDF.

    There should be a set of standard document formats which are guaranteed to not contain any executable code whatsoever, so except for possibly exploiting buffer overflows in interpreting code, displaying the documents is safe. It should be impossible by specification to insert any "active content", i.e. programs, in such documents.

  • by mangu (126918) on Friday August 26, 2011 @10:36AM (#37218772)

    MS is vulnerable because it's the biggest target out there.

    While it's true that few people would try to exploit a system nobody uses, MS does its share of the effort to become insecure.

    In this specific case, the first breach was done by a Flash program embedded in an Excel spreadsheet. We are going waaay back to all that DDE/COM/OLE/ActiveX thing that has been opening so many backdoors in Microsoft systems for the last decades. Broken by design.
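As an added example (not part of the thread or of any poster's comment): a defender-side heuristic that flags an OLE2 Office file carrying Flash content, the combination the comment above describes. The function names and the sample bytes are constructed for illustration, and the check is a triage heuristic, not a full compound-file parser.

```python
import struct

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # Compound File Binary (.xls/.doc) header
SWF_SIGS = (b"FWS", b"CWS", b"ZWS")  # SWF: uncompressed, zlib, LZMA
FLASH_PROGID = "ShockwaveFlash"  # prefix of the Flash ActiveX ProgID


def find_swf_headers(data, max_version=50):
    """Return sorted offsets where a plausible 8-byte SWF header starts."""
    hits = []
    for sig in SWF_SIGS:
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                # The length field is the uncompressed size, so it must cover the header.
                if 1 <= version <= max_version and length >= 8:
                    hits.append(pos)
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def scan_document(data):
    """Heuristic triage: is this an OLE2 file that carries Flash content?"""
    is_ole2 = data.startswith(OLE2_MAGIC)
    progid = any(FLASH_PROGID.encode(enc) in data for enc in ("ascii", "utf-16-le"))
    swf = find_swf_headers(data)
    return {"ole2": is_ole2, "flash_progid": progid, "swf_offsets": swf,
            "quarantine": is_ole2 and (progid or bool(swf))}


def constructed_sample(embed_flash):
    """Build a constructed byte string shaped like an OLE2 file (not a real workbook)."""
    data = OLE2_MAGIC + b"\x00" * 504  # pad to one 512-byte sector
    if embed_flash:
        data += "ShockwaveFlash.ShockwaveFlash".encode("utf-16-le")
        data += b"CWS" + bytes([10]) + struct.pack("<I", 4096) + b"\x78\x9c"
    else:
        data += b"Quarterly totals"
    return data


if __name__ == "__main__":
    for label, flag in (("clean", False), ("flash", True)):
        print(label, scan_document(constructed_sample(flag)))
```

A mail gateway or attachment sandbox could run a check like this before delivery and hold any spreadsheet for which `quarantine` is true.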

  • Re:All it takes (Score:3, Interesting)

    by E IS mC(Square) (721736) on Friday August 26, 2011 @10:39AM (#37218834) Journal

    You would love to read "The Cuckoo's Egg" by Cliff Stoll. A lengthy but very interesting read.

    http://en.wikipedia.org/wiki/The_Cuckoo's_Egg_(book) [wikipedia.org]

  • Re:All it takes (Score:5, Interesting)

    by WreckDiver (685191) on Friday August 26, 2011 @11:04AM (#37219122)
    I worked for RSA for 4 years, both before and after EMC acquired them (I was not working there when the break-in occurred). The security experts at RSA are not the people that are running EMC corporate IT. When the acquisition occurred, RSA IT was one of the first groups to be let go. EMC IT policy seemed to be more worried about meeting regulations for compliance than for implementing security policies that actually made sense.
